New Lua-based malware LucidRook observed in targeted attacks against Taiwanese organizations
Essential information
- Published: 08/04/2026 15:48
- Modified: 08/04/2026 17:01
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: lucidknight lucidpawn lucidrook spearphishing taiwan
- Tags: 2026-04-08 lucidknight lucidpawn lucidrook spearphishing taiwan
- Related entities: 22 indicators, 22 observables, 1 technique (MITRE), 3 malware, 5 others
Description
Cisco Talos observed a spear-phishing attack delivering LucidRook, a newly identified stager that targeted a Taiwanese NGO in October 2025. The metadata in the email suggests that it was delivered via authorized mail infrastructure, which implies potential misuse of legitimate sending capabilities.